Proj 7: Password Hashes with Python (15 pts.)

What You Need

A Kali Linux machine, real or virtual. You could use Windows with Python installed, but it's easier to just use Linux.

Purpose

Generate and crack Windows password hashes with Python.

The same techniques work for Linux and Mac hashes, but thousands of times slower, because Windows uses especially weak hashes.

Getting Test Hashes

In the previous class, we harvested real password hashes from Windows machines with Cain.

Here's a simple test case. A password of

password
has this hash on Windows machines:
8846f7eaee8fb117ad06bdd830b7586c
Windows does not use any salt, so every user with the same password has the same password hash.

Note: If you want to calculate more test cases, just go use this website:

InsidePro Hash Generator

The 3rd type of MD4 is a Windows password hash, as shown below:

Calculating Windows NT Password Hashes with Python

In Kali Linux, in a Terminal window, execute this command:
nano hash1.py
In nano, enter the code shown below:

Save the file with Ctrl+X, Y, Enter.

Running the Program

In a Terminal window, execute this command:
python hash1.py
Enter a password of password.

You should see a result like that shown below (the memory location may be different):

This is a hash, but it's a binary object and all you see is its memory location. To see the normal result in hexadecimal, add the hexdigest() method like this:

Run the program again. This time you should get the exact hash shown below:

This looks more like a hexadecimal hash, but it's incorrect for Windows passwords. As shown above, the correct NT hash starts with 8846.

That's because the Windows algorithm uses Unicode, not ASCII, to encode the characters.

Modify your program to use Unicode, as shown below. (NOTE: the code for Unicode is "UTF-16LE" with the letters in lowercase, NOT "utf-161e".)

Run the program again. This time you should get the exact hash shown below:

Capturing a Screen Image

Make sure the hash is visible, starting with 8846 as shown above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 7a from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Making a Hash Dictionary

Create a program that calculates the NTLM hashes for all two-digit passwords from 00 to 99.

Capture a screen image showing the last several hashes, as shown below.

Capturing a Screen Image

Make sure the last several hashes are is visible, including 97, 98, and 99, as shown above.

Click on the host system's taskbar, at the bottom of the screen.

Press the PrntScrn key to capture the whole desktop. Open Paint and paste in the image.

Save the image as "Proj 7b from YOUR NAME".

YOU MUST SEND IN A WHOLE-DESKTOP IMAGE FOR FULL CREDIT

Turning in Your Project

Send the images and passwords to cnit.124@gmail.com with a subject of "Proj 7 from YOUR NAME".

Sources

py-md4


Last revised: 8-17-15